[nuttx] branch master updated: sys/socket/scm: return NULL when cmsg_len is zero

Wed, 28 Dec 2022 21:25:37 -0800 

This is an automated email from the ASF dual-hosted git repository.

xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx.git


The following commit(s) were added to refs/heads/master by this push:
     new 5d643b3bef sys/socket/scm: return NULL when cmsg_len is zero
5d643b3bef is described below

commit 5d643b3bef3e39ca61c92af4f854c8480692c5ea
Author: dongjiuzhu1 <[email protected]>
AuthorDate: Thu Nov 10 16:31:01 2022 +0800

    sys/socket/scm: return NULL when cmsg_len is zero
    
    Signed-off-by: dongjiuzhu1 <[email protected]>
---
 include/sys/socket.h | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/include/sys/socket.h b/include/sys/socket.h
index aa633ec7a4..28cd271491 100644
--- a/include/sys/socket.h
+++ b/include/sys/socket.h
@@ -348,11 +348,12 @@ static inline FAR struct cmsghdr *__cmsg_nxthdr(FAR void 
*__ctl,
                                                 unsigned int __size,
                                                 FAR struct cmsghdr *__cmsg)
 {
-  FAR struct cmsghdr *__ptr;
+  size_t len = CMSG_ALIGN(__cmsg->cmsg_len);
+  FAR struct cmsghdr *__ptr =
+               (FAR struct cmsghdr *)(((FAR char *)__cmsg) + len);
 
-  __ptr = (FAR struct cmsghdr *)
-    (((FAR char *)__cmsg) + CMSG_ALIGN(__cmsg->cmsg_len));
-  if ((unsigned long)((FAR char *)(__ptr + 1) - (FAR char *)__ctl) > __size)
+  if (len < sizeof(*__cmsg) ||
+      (unsigned long)((FAR char *)(__ptr + 1) - (FAR char *)__ctl) > __size)
     {
       return NULL;
     }

Reply via email to